<!doctype html>
<head>
	<meta http-equiv="Content-type" content="text/html; charset=utf-8">
	<title>Preventing CSRF attacks</title>
</head>
	<script src="../../codebase/dhtmlxscheduler.js" type="text/javascript" charset="utf-8"></script>
	<link rel="stylesheet" href="../../codebase/dhtmlxscheduler.css" type="text/css" media="screen" title="no title" charset="utf-8">

	
<style type="text/css" media="screen">
	html, body{
		margin:0px;
		padding:0px;
		height:100%;
		overflow:hidden;
	}	
</style>

<script type="text/javascript" charset="utf-8">
	function init() {
		scheduler.config.multi_day = true;
		
		scheduler.config.xml_date="%Y-%m-%d %H:%i";
		scheduler.init('scheduler_here',new Date(2010,0,10),"week");
		scheduler.load("./data/events_safe.php");
		
		var dp = new dataProcessor("./data/events_safe.php");
		dp.init(scheduler);
	}

	function try_csrf(feed, value){
		var data = "1261150515_id=1261150515&1261150515_start_date=2010-01-09%2007:00&1261150515_end_date=2010-01-09%2009:00&1261150515_text="+value+"&1261150515_details=Royal%20Albert%20Hall&1261150515_!nativeeditor_status=updated&ids=1261150515";
		dhtmlxAjax.post(feed+"?connector=true", data, function(loader){
			if (loader.xmlDoc.responseText == "")
				alert("Operation blocked");
			else
				alert("Data saved");
		});
	}
</script>

<body onload="init();">
	<div id="scheduler_here" class="dhx_cal_container" style='width:100%; height:50%;'>
		<div class="dhx_cal_navline">
			<div class="dhx_cal_prev_button">&nbsp;</div>
			<div class="dhx_cal_next_button">&nbsp;</div>
			<div class="dhx_cal_today_button"></div>
			<div class="dhx_cal_date"></div>
			<div class="dhx_cal_tab" name="day_tab" style="right:204px;"></div>
			<div class="dhx_cal_tab" name="week_tab" style="right:140px;"></div>
			<div class="dhx_cal_tab" name="month_tab" style="right:76px;"></div>
		</div>
		<div class="dhx_cal_header">
		</div>
		<div class="dhx_cal_data">
		</div>
	</div>

	<div style='position:absolute; bottom:20px'>
	<input type='button' value='Save data to un-secure feed' onclick='try_csrf("./data/events.php","Un-Secure")'>
	<input type='button' value='Save data to secure feed' onclick='try_csrf("./data/events_safe.php","Secure")'>
	</div>
</body>
